Re: Variable in iptable

From: Sheer El-Showk (sheer@saraf.com)
Date: 06/06/02


Date: Thu, 6 Jun 2002 10:05:47 -0400 (EDT)
From: Sheer El-Showk <sheer@saraf.com>
To: <security-discuss@linuxsecurity.com>


Hi,

IP tables get run from a shell one way or another and most shells allow
you to define variables (and it is the shell, not IP tables, that will do
the variable replacement).

I normally set up my firewall scripts in a bash script. You could do
something like this:

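#!/bin/sh

# Addresses defined once and reused in the rules below
NETWORK="192.168.1.0/24"
GATEWAY="192.168.1.1"
ROUTER="23.4.56.32"
SECURENET="23.4.56.48/28"

# The shell expands the variables before iptables sees the command line.
# Built-in chain names are upper case in iptables (INPUT, not input).
iptables -A INPUT -s "$NETWORK" -d "$SECURENET" -j ACCEPT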

All the stuff above is fake (and pretty meaningless) but you can use
something like that to make your scripts more readable and easy to
modify.

Sheer

On Thu, 6 Jun 2002, Sergio Alves de Lima Jr. wrote:

>
> Hello,
>
> Is it possible to define a variable in an iptables rule, for example:
>
> $user="blueuser";
>
> iptables -A input -s $user -d 0/0 -j ACCEPT
>
> Regards,
>
> ===================================
> Sergio A Lima Junior
> Support Dept.
> GrupoNet Tecnologia
> sergio@gruponet.com.br
> http://www.gruponet.com.br
> ===================================
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
>
>
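
Added example, not part of the original thread: because the shell does the substitution and iptables only sees the expanded text, this sketch checks each variable before it is expanded into a rule, and prints the command instead of running it. The function names is_cidr and accept_rule are hypothetical, and the addresses are the constructed sample values from the message above.

```shell
#!/bin/sh
# Dry run: rules are printed, not applied, so this runs without root or iptables.
set -u   # expanding an unset variable is an error, not an empty string

# Constructed sample values, same style as the script in the reply above.
NETWORK="192.168.1.0/24"
SECURENET="23.4.56.48/28"

# is_cidr VALUE: succeed only for a dotted-quad IPv4 address with an
# optional /0-32 prefix. Host names such as "blueuser" are rejected.
is_cidr() {
    addr=${1%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in
        *[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;  # bad chars, empty or extra octets
        *.*.*.*) ;;                                  # exactly three dots
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split into octets (digits and dots only by now)
    IFS=$old_ifs
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# accept_rule SRC DST: print the iptables command exactly as the shell
# expands it, or fail without printing a rule if either value is invalid.
accept_rule() {
    for value in "$1" "$2"; do
        is_cidr "$value" || { echo "bad address: '$value'" >&2; return 1; }
    done
    echo "iptables -A INPUT -s $1 -d $2 -j ACCEPT"
}

accept_rule "$NETWORK" "$SECURENET"
```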
